Layer 2 person spoofing and impostor syndrome

Transcript

1. Layer 2 person spoofing and impostor syndrome % sudo ifconfig

   en0 ether 78:4f:43:69:1b:10 \ && ifconfig en0 | head -3 en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 ether 78:4f:43:69:1b:10 inet 10.100.1.219 netmask 0xfffffc00 broadcast 10.100.3.255 Thanks hotspot.nzwireless.co.nz @benjammingh for BsidesNZ 1

2. Who's this clown? (1/2) 2 • Security Engineer at Stripe.

   • Infrastructure security at Etsy. • Opera5ons engineer at Puppet. • Two 5me sponsor of Wrong Island Con. 2 h$ps:/ /twi$er.com/skullmandible/status/411281851131523072 @benjammingh for BsidesNZ 2

3. Who's this whingeing pom? (2/2) • Knows how to pronounce

   "router". • Is delighted to be back here enjoying the 300/400ms latency on everything. • Has had his Instagramme stuck giving him NZ ads for the past 3 months. (if you know how to fix this, please help me!) @benjammingh for BsidesNZ 3

4. is heaps be)er than Obviously. @benjammingh for BsidesNZ 4

5. is also be)er than both @benjammingh for BsidesNZ 5

6. But first! @benjammingh for BsidesNZ 6

7. A trigger warning @benjammingh for BsidesNZ 7

8. This talk is about Vulnerabili*es @benjammingh for BsidesNZ 8

9. vulnerability |vʌln(ə)rəˈbɪlɪ4| noun (plural vulnerabili*es) [mass noun] the quality or

   state of being exposed to the possibility of being a5acked or harmed, either physically or emo:onally: conserva:on authori:es have realized the vulnerability of the local popula:on @benjammingh for BsidesNZ 9

10. the quality or state of being exposed to the possibility

    of being a5acked or harmed, either physically or emo$onally @benjammingh for BsidesNZ 10

11. So if you're looking for 0-day, you may be in

    the wrong room. @benjammingh for BsidesNZ 11

12. Impostor syndrome! @benjammingh for BsidesNZ 12

13. Impostor syndrome is when high- achieving individuals are marked by

    an inability to internalise their accomplishments & a persistent fear of being exposed as a "fraud" — clinical psychologists Dr. Pauline R. Clance & Suzanne A. Imes @benjammingh for BsidesNZ 13

14. "Am I even qualified to give this talk?" — Me,

    earlier today, proving that I probably am. @benjammingh for BsidesNZ 14

15. "But everyone has this, no?" @benjammingh for BsidesNZ 15

16. OCD vs. Actually liking things to be 2dy @benjammingh for

    BsidesNZ 16

17. Exemplum! @benjammingh for BsidesNZ 17

18. <Etsy story goes here, so slides are useless> @benjammingh for

    BsidesNZ 18

19. "I am going to be discovered and fired..." — Me,

    then. @benjammingh for BsidesNZ 19

20. THIS IS DUCKING DEPRESSING @benjammingh for BsidesNZ 20

21. It makes it real hard to do good work @benjammingh

    for BsidesNZ 21

22. Which then just perpetuates itself @benjammingh for BsidesNZ 22

23. Which leads to burnout... @benjammingh for BsidesNZ 23

24. @benjammingh for BsidesNZ 24

25. <But....> @benjammingh for BsidesNZ 25

26. Reality vs. Percep0on of others From h'ps:/ /billwa'.org/the-imposter-syndrome/ @benjammingh for

    BsidesNZ 26

27. @benjammingh for BsidesNZ 27

28. STORY TIME 2 @benjammingh for BsidesNZ 28

29. @benjammingh for BsidesNZ 29

30. HOLY SHIT WE HAVE DIFFERENCE EXPERIENCES @benjammingh for BsidesNZ 30

31. (Best (worst) stock photo ever?) @benjammingh for BsidesNZ 31

32. Impostor syndrome can be a sign that you're about to

    learn awesome things. @benjammingh for BsidesNZ 32

33. It can be a sign you have a lot of

    knowledge to share too! @benjammingh for BsidesNZ 33

34. Straw poll How many people have you heard of ge3ng

    fired due to knowing nothing? How many people have you heard of having impostor syndrome? @benjammingh for BsidesNZ 34

35. So why do our brains make this trade off? @benjammingh

    for BsidesNZ 35

36. Ego? @benjammingh for BsidesNZ 36

37. Did I men)on I work in security? @benjammingh for BsidesNZ

    37

38. Infosec problems (including but not limited to) • Has a&ackers.

    Coders have bugs, ops people have well the world. There are real humans a&acking you trying to break your shit.* • There is very clear win/lose stakes. • Especially in the con scene, a lot of posturing. • DefCon sCll exists (; * Assume blue team here, I know... @benjammingh for BsidesNZ 38

39. ...which leads to • people not showing their vulnerabili3es (not

    that kind). • people not admi:ng they don't know something out of fear. • people burning out and leaving the industry. • Infosec not being the most diverse and inclusive industry. @benjammingh for BsidesNZ 39

40. "well don't think of yourself as an imposter, think of

    yourself as not a psychopath." — Sco& Roberts @benjammingh for BsidesNZ 40

41. "One of the best things I've done for myself lately:

    created a doc where I copy-paste compliments I've go<en. Great for low days. Try it." — Molly Clare @benjammingh for BsidesNZ 41

42. "For passphrases, make them something posi2ve and encouraging, so every

    2me you have to type them in, you feel a li:le be:er about the world." — paraphrased from an Anonymous Canadian @benjammingh for BsidesNZ 42

43. Brains! @benjammingh for BsidesNZ 43

44. Aside: cogni,ve dissonance @benjammingh for BsidesNZ 44

45. @benjammingh for BsidesNZ 45

46. What can you do as an organisa0on? @benjammingh for BsidesNZ

    46

47. Acknowledge it! @benjammingh for BsidesNZ 47

48. It's okay to say what's okay @benjammingh for BsidesNZ 48

49. From The Recurse Center @benjammingh for BsidesNZ 49

50. Obligatory reference to blameless postmortems as I'm contractually bound to

    by Etsy @benjammingh for BsidesNZ 50

51. Praise others, because they may feel this too. @benjammingh for

    BsidesNZ 51

52. Tip for praise: Don't personalize. For the same reason you

    wouldn't say "You're a dumbass," don't just say "You're a genius." — @candor 5 5 Blameless praise! from Slack's great ar5cle on giving feedback @benjammingh for BsidesNZ 52

53. Stop the nerd snipe, even if it's good inten2oned @benjammingh

    for BsidesNZ 53

54. Your culture o*en affects people in seemingly invisible ways @benjammingh

    for BsidesNZ 54

55. Just don't go too far (; Dunning–Kruger effect @benjammingh for

    BsidesNZ 55

56. Let's hope I'm on track for 2me! • be understand

    to people, this is hard. • be kind to yourself, even if you're a jerk like me. • seek help if you can (friends, therapists, coworkers) @benjammingh for BsidesNZ 56

57. This affects people differently • Confidence sadly o.en comes with

    privilege. • As does arrogance. @benjammingh for BsidesNZ 57

58. Mess of links that will be useful when I tweet

    the URL to this slidedeck • Impostor Syndrome in DFIR - Sco5 Roberts fantas9c piece on the topic. • Allowed To Apply - blog on telling yourself you can do this. • How to get a promo9on • Blue Hackers - site on mental health in the tech community and how to help. @benjammingh for BsidesNZ 58

59. If this sounds like an environment you'd like to work

    in, come talk to me about Jobs at Stripe @benjammingh for BsidesNZ 59

60. Ta • My blog post on the subject • Fax:

    +1 (415) 484-7239 • Twidder: @benjammingh • SpeakerDeck: speakerdeck.com/barnbarn @benjammingh for BsidesNZ 60